External Access No Longer Working via DuckDNS & Nginx Proxy Manager

I’ve been working on this all day and at this point, I don’t know what it was that caused the issue. I’m unable to access Home Assistant via my duckdns domain, whether I try remotely or from the home network (that my HA rPi is on). I’ve got the Nginx Proxy Manager add-on installed with default settings:

From the Nginx web UI, I’ve got the proxy host configured with my duckdns domain and websockets enabled. Does the Scheme matter? I have it set to http as shown in the add-on documentation gif.

I got the SSL cert successfully working with SSL forced, though I was initially getting errors with the cert refreshing.


In my router (TP-Link Omada OC200) config, I have port 443 external forwarded to 443 internal for my local HA IP:

In configuration.yaml, I have http configured as follows:

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  ip_ban_enabled: True
  login_attempts_threshold: 5
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
    - 192.168.0.30

When I try to navigate to https://mydomain.duckdns.org:8123 via my home network, or a mobile network via my phone, I get “Unable to connect” in Firefox and “This site can’t be reached” in Chrome with “ERR_CONNECTION_REFUSED” on the home network and “ERR_CONNECTION_TIMED_OUT” on the mobile network. If I try just https://mydomain.duckdns.org without the port, I get “502 Bad Gateway, nginx”.

In the Duck DNS add-on, I have my domain, token, accept_terms: true configured as required.

I have also tried uninstalling and reinstalling the MariaDB add-on.

I found lots of information in this post, but unfortunately none of it has worked for me. I’m not sure what else to try.

Edit: I can access HA locally and externally via the app and https://mydomain.duckdns.org:8123 if I forward port 8123 in my router. But isn’t the point of the reverse proxy to avoid opening ports? I have to admit I’m a bit lost.

Hi,

You want port 8132 forwarded on your router. The idea of duckdns is that you don’t have to look up your router’s public dynamic IP address to connect remotely and that you have a single URL which you can use. This URL is updated to constantly point at your router’s address but can’t access it unless port 8132 is forwarded.

Port 8132 external needs to be forwarded to 443 internal, which Nginx Proxy Manager listens to, and then it can redirect you to your Home Assistant instance. It is not good practice to forward port 443 external directly to your Home Assistant instance without going through the reverse proxy, so unless you have anything else listening on port 443 external on your router I would suggest closing this.

Thanks for your help. I tried setting it up like below (and by reversing the ports), but I lose access via https://mydomain.duckdns.org when it’s configured that way. Is this screenshot how you would expect it to be configured? I could try again with incognito or a different browser just to be sure.

It’s only working with 8123 to 8123.

Sorry for the slow reply. I’ve just read through both the documentation and your setup again as it has been a while since I’ve used DuckDNS.

So your original setup was right where you forward port 443 external to port 443 internal to your device with nginx proxy manager on. The only thing I can see wrong is that you were currently trying to connect using port 8123 whereas you should connect just using https://mydomain.duckdns.org as https uses port 443 by default.

Thank you for the reply! I will play around with the configuration again next week when I’m back in town. With this setup, how would I connect to other services that are set up on different ports? Do I set up additional subdomains in nginx? For example, let’s say I have Tautulli on port 8181. Would I set that up in Nginx with a domain name like tautulli.mydomain.duckdns.org and put in 8181 as the forward port? Would that work? Is there another way to do it?

And then the only port I would need to forward in my router is 443 external to 443 internal, right?

I’m not too familiar with DuckDNS and subdomains setup from there tbh. But if you can have multiple subdomain names in DuckDns it should work, so you would have it pointing to your nginx setup on port 443 and nginx will listen for the request and forward to the correct ip and port depending on the domain used.

I own my own domain name and using your example on my setup would be like the following:

So that would currently work for me but I have my own domain name pointed to nginx but I’m not sure if DuckDNS lets you have multiple domain names or subdomains.


Thank you for outlining this! I finally was able to go through and get everything working. The only thing that I got hung up on is that all the apps except Home Assistant worked with http selected as the Scheme in Nginx. HA required https to work. I was able to set up subdomains for six apps with the following configuration:

I then access them all locally and remotely via https://appname.mydomain.duckdns.org and I only need port 443 on my router forwarded to the local IP of my Home Assistant machine where Nginx is installed. None of the apps’ ports need to be opened anymore.

Glad to have this finally resolved!
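An added example, not part of the thread: the Scheme in a Nginx Proxy Manager proxy host has to match what the backend actually speaks, and the ssl_certificate/ssl_key lines in the configuration.yaml posted at the top are consistent with HA needing https while the other apps worked with http. The sketch below probes a backend from the LAN and reports which Scheme fits; the function names and the default address are assumptions chosen for illustration.

```python
import socket
import ssl
import sys


def _speaks_tls(host, port, timeout):
    # Verification is disabled on purpose: the certificate is issued for the
    # public DuckDNS name, not the LAN address being probed, and the only
    # question here is whether the port completes a TLS handshake at all.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw):
                return True
        except OSError:  # SSLError, reset or timeout: no TLS on this port
            return False


def _speaks_http(host, port, timeout):
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"HEAD / HTTP/1.0\r\nHost: probe\r\n\r\n")
        try:
            return sock.recv(16).startswith(b"HTTP/")
        except OSError:
            return False


def detect_scheme(host, port, timeout=3.0):
    """Return 'https', 'http', 'unknown', or None if the port is closed."""
    try:
        if _speaks_tls(host, port, timeout):
            return "https"
        if _speaks_http(host, port, timeout):
            return "http"
    except OSError:
        # Refused or unreachable: the proxy would answer 502 Bad Gateway.
        return None
    return "unknown"


if __name__ == "__main__":
    # Assumed defaults: run on the Home Assistant host against port 8123.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8123
    print(f"{host}:{port} -> Scheme should be: {detect_scheme(host, port)}")
```
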

I finally was able to go through and get everything working. The only thing that I got hung up on is that all the apps except Home Assistant worked with http selected as the Scheme in Nginx. HA required https to work.

How did you get HA to work? What settings did you use? I’m unable to get it working lol

The settings are shown in my screenshots, aside from the note about using HTTPS as the Scheme for HA. I think there’s also an external URL setting within Home Assistant itself that you could look into. It allows you to specify the URL to use internally and externally if I remember correctly.

Recently this stopped working for me and I could not figure out why. Turns out my ISP had forgotten to send me an opt out on the CGNAT IP addresses. Called them up and asked them to assign me a static IP. This fixed the issue. I can now connect from my phone.

Hope this helps others.